InfoSec podcast. Practical steps to protect your business
an irregular security podcast
Security podcast for professional service firms focused on practical security steps to protect your company. We only talk about stuff you need to know, and update every 6-10 weeks depending how the world is. UK & European focus.
In this episode Angus & Noel talk VPN’s, SPECTRE (yes its still here!) and Have I been pwned.https://soundcloud.com/user-59491380/podcast-infosec-review-december-2019
Summary from the show:
CVE 2019 14899 – VPNs are being found theoretically vulnerable – in brief make sure you do not use compression for VPN or SSL. No actual attacks yet, but we need to keep an eye on this. (see link ) – only UNIX systems.SPECTRE 1″05 – bit of an update & overview, We go deep into the SPECTRE vulnerability, which has been out for at least a year now, and affects every CPU ever made, just about. There is a case for single tenant hosting if you are worried about security. Its not a casual attack, but would require a focussed long term attack, and we think its more likely to affect multi-tenanted cloud services and high value targets (like large law firms) Further reading here
Web page attacksWe’ve noticed more attacks on web pages recently, especially PHP attacks, including think.php. And lots more attacks on routers recently.
Have I been Pwned is still a useful check to see if your email has been disclosed in a breach. They do have an API but we’re not sure how much of a good idea that is.
Public keys published.
You can survey the Internet, and find peoples public keys, then find out where those keys work, and then you can go spearphish that person and service – there is a pretty easy mitigation… IP restrictions.
Chat about iStorage keys and pin code encryption.Is there any easy way to write protect USBs? So far gluing shut the switch is all I have found!